1. Field of the Invention
The present invention relates to communication systems set up between a “user machine”, which is a device such as an image forming device provided with a facsimile function, for example, and a “service center”, methods for communicating across that communication system, and information receiving devices (the above-noted user machine) used in the communication system. In particular, the present invention relates to measures for improving security in cases such as when firmware in the user machine is updated in response to a notification from the service center, or various settings in the user machine are changed by remote operation from the service center.
2. Description of the Related Art
Multifunction units that contain functions such as a copy function, printer function and facsimile function have been in mainstream use for some time. This type of multifunction unit is set up such that the control operation of various functions is performed by control software (micro program) called “firmware” that is written onto ROM (read only memory) assembled in the hardware, or onto EEPROM (electrically erasable programmable read only memory).
However, in this type of device, if, for example, bugs are found in the firmware, then it becomes necessary to update the version of the firmware (update to a version that does not contain bugs). Up to now, it has been standard practice that new versions of firmware are updated by a maintenance operator going out to the installed location of the multifunction unit to replace the ROM or download the appropriate data from an IC card or host interface.
However, there have been problems in that when the maintenance operator goes out to the installed location of the multifunction unit every time there is a new version of the firmware, it is necessary to expend a great deal of time and energy to update the firmware in all the numerous multifunction units. Not only is it not been possible to perform updating of the new version quickly but the cost of maintenance has escalated.
Furthermore, not only is the case in which versions of the firmware are updated, but also in the case of changes to various settings of the multifunction unit in response to user requests (for example, setting of modes such as an energy saving mode or 2-in-1 copy function), the maintenance operator actually goes out to the installed locations of the multifunction units to change the settings, and this has caused an escalation in maintenance costs.
As a solution to these problems, the technology disclosed in JP 2000-316066A (referred to below as Patent Reference 1) has been proposed. In Patent Reference 1, technology is disclosed in which the facsimile function of the multifunction unit is utilized to communicate between the multifunction unit and the service center, in order to transmit the firmware's updated version or setting change information from the service center to the multifunction unit, and then to update the firmware or change the various settings based on this information.
The operation for updating the version of the firmware that is disclosed in Patent Reference 1 is set up such that, first of all, the data received from outside via the communication line is judged as to whether or not it is the data for upgrading the firmware, and if the data is the data for upgrading the firmware, then while still connected, the data is temporarily saved in the RAM (random access memory), and after the reception is complete, the firmware is updated utilizing the data that was temporarily saved in the RAM.
However, in the technology disclosed in Patent Reference 1, if data that is disguised as data for upgrading the firmware is sent to the multifunction unit from a party that is not the official service center, then there is a risk that the multifunction unit will judge that data to be the official data for upgrading the firmware, and will then update the firmware utilizing that data. In this case, if a computer virus is contained in the received data for upgrading the firmware, then the firmware will be infected with a virus and will not be able to perform its normal functions. That is to say, if a malicious party who is disguised as the official service center transmits data containing a computer virus, then it is not possible to prevent viral infection.
Furthermore, if the data that is transmitted by a malicious party who is disguised as the official service center is a program for improperly accessing information accumulated in the multifunction unit, then there is a risk that information such as personal information (customer information) registered in the multifunction unit, or information such as the send/receive log of the facsimile, may be improperly accessed.
Thus, conventional technology for updating versions of firmware on a user machine by transmitting between a user machine, such as a multifunction unit, and a service center has not employed defensive measures against viral infections or theft of accumulated information, and has had an exceptionally low level of security.
The present invention has been contrived in view of these points, and it is an object of the present invention to provide a highly secure communication system, a communication method that is performed on that communication system and an information receiving device in which the communication system is used, for updating versions of the firmware by communication between the user machine and the service center, and for being able to avoid with certainty viral infections or theft of accumulated information, caused by data from a party which is not the official service center.